Find out if your Home Organisation is willing to release attributes to an SP committed to the CoCo

You need to identify the person to make that decision. The person must have the right to do the decision.

The person needs to be able to balance the risks (attribute release leading to a data protection problem) with the benefits (the potential of easier scientific collaboration which may lead to an increased scientific output of the institution)

The person can be for instance a CIO or information manager responsible for identity management

The person may need security consultation by the security manager and legal consultation by a lawyer or other person familiar with the data protection laws

Consider deploying an attribute release UI to the IdP server for informing the end user

The CoCo does not strictly require it but recommends it as a good practice for reducing Home Organisations’ risks of non-compliance with the data protection laws